September 4, 2024 at 08:36AM NinjaLab demonstrated the Eucleak attack, exploiting a vulnerability in third-party cryptographic libraries to clone YubiKey hardware authentication devices. The attack requires physical access and equipment to extract the cryptographic key, but Yubico has issued a security advisory and implemented firmware updates to mitigate the issue. Infineon is also working on … Read more
July 10, 2024 at 06:52AM Google is now offering passkeys for high-risk users to enroll in the Advanced Protection Program (APP), providing a more secure and phishing-resistant alternative to passwords. This technology, based on the FIDO Authentication standard, eliminates the need for traditional passwords and is already being used by over 400 million Google accounts. … Read more
December 21, 2023 at 05:20PM Two British teens from the Lapsus$ gang have been sentenced for cyber-crimes, including compromising companies like Uber and Nvidia. Arion Kurtaj, 18, was hospitalized indefinitely due to his autism and was found to be unfit for trial. Another 17-year-old was given a youth rehabilitation order. The gang attempted extortion and … Read more
November 7, 2023 at 12:23PM The recent cyberattacks on MGM Resorts International and Caesars Entertainment highlight the impact of data breaches on organizations. The breach was orchestrated through social engineering tactics using information obtained from LinkedIn. The root cause of such breaches is the continued reliance on legacy sign-in credentials, which are easily compromised. In … Read more